Federal Legislation Should Mean Single Standard for Internet Privacy

Check out highlights from Lora's poll of industry experts on the topic of online security.

Does the raft of different privacy bills being bandied about in Congress right now make anyone else's head spin?

First there was the bill introduced by Rep. Bobby Rush (D-Ill.) in February. The bill would allow companies to collect users' Web activity information, but would provide users with a means to easily opt out of such collection. It would also require companies to obtain consent before sharing the collected information with third parties.

Then there's the bill introduced by Rep. Jackie Speier (D-Calif.), which expressly authorizes the Federal Trade Commission to create a do-not-track system for Internet businesses. The FTC recommended such a system in December, when it issued its report on Internet privacy. At the time, the agency's recommendations were just that: recommendations. If the Speier bill passes, the system would be mandated.

Finally, of course, there's the sole measure in the Senate thus far-the online privacy "bill of rights" sponsored by Sens. John Kerry (D-Mass.) and John McCain (R-Ariz.) Introduced just this week. The proposed law would require companies to obtain consent before collecting personal information from consumers, to explain exactly what they were collecting and how they were going to use it, and would make it harder for companies to use that information to create user profiles for purposes of targeted advertising. The bill also authorizes the FTC to impose fines of up to $3 million for violations.

Monday, I spoke to Behnam Dayanim, co-chair of the Litigation and Regulatory Group at the law firm of Axinn Veltrop & Harkrider about the bills. They're all different in the details, he told me, but at the end of the day, they're all designed "to increase the level of protection afforded to personal information online."

And the do-not-track bill that California state legislators have introduced? Dayanim says what happens to it depends on the federal legislation that passes. If the Kerry-McCain bill passes, it will likely pre-empt the California proposal. But if Congress drags its feet on federal legislation and several states start passing laws similar to California's, he said, Congress will probably "try to pre-empt the field." After all,

[I]f you get competing directions here, it could create problems for companies that have a nationwide scope to their operations. That's always an issue with data privacy, but it's even more of an issue when you're talking about Internet-specific data privacy.

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.